Install Security Certificate for IT&E Access Manager - FAQ's


	/ Home / faqs / website certificate security message
	FAQ's::Webpage certificate security message

	Question: I get a security message when I visit http(s)://access.ite.gmu.edu warning about a problem with a security certificate. Answer: You can proceed to the website without changes, but the message will reoccur each session. The website uses a security certificate from a certificate authority (CA) to document its authenticity. You can install a root certificate from that CA, and your web browser will proceed to the newly trusted site without the error message. (You will also be able to browse to other sites which are certified by that same CA without the error message.) To install the security certificate, you will browse to the CA, download a file, and import it into your browser(s). Choose the instructions for your browser: Internet Explorer (7 and 6) Firefox (2.0.0.11) (Netscape is similar) Install a root authority security certificate in Internet Explorer (7 and 6) Open Internet Explorer 7 and enter the URL http://access.ite.gmu.edu/. For Internet Explorer 6, use https://access.ite.gmu.edu/. You may see a normal Security Alert first. Click OK. (If you see a Security Warning box that says, "The current Web page is trying to open a site in your Trusted sites list. Do you want to allow this?", then the website has been included in the Internet Explorer settings. Follow the Tools menu to Internet Options, and choose the Security tab, Trusted Sites, and click the Sites button to check the list. You do not have to add it or to remove it. This just explains a difference in cases when it may occur.) Internet Explorer 6 will display a second Security Alert dialog box indicating the problem. Click No and continue with these instructions. Internet Explorer 7 will display a problem message inside the browser window, "There is a problem with this website's security certificate." In either case, you should install the corresponding root authority certificate. You can continue to the website, but Internet Explorer will display the problem again information on subsequent visits. Additionally, Internet Explorer 7 flags the problem with a red background in the URL and 'Certificate Problem' boxes. (Internet Explorer 6 does not have that feature.) To get the root certificate for installation, browse to CAcert. In the right column menu, click Root Certificate. Download and save the Class 1 PKI Key Root Certificate (PEM Format) file. Next, in the Internet Explorer menu, choose Tools, Internet Options. On the Content tab, click Certificates. Select the Trusted Root Certification Authorities tab. The certificate, when added, will show as "CA Cert Signing Authority", but most likely it will not be listed yet. Click Import... to start the Import wizard, and direct it to the root.cer file that you downloaded. Use the default certificate store location. The wizard will pop up a security warning like this. Choose Yes to install the certificate and see the confirmation. If you review your certificates, you will now see the "CA Cert Signing Authority" listed. Finish by closing the Certificates dialog box and clicking OK for the Internet Options. In the web browser, accept the security alert and continue to http://access.ite.gmu.edu. In Internet Explorer 7, the URL should show with the normal background color. Install a root authority security certificate in Firefox (2.0.0.11) Open Firefox (Netscape should work similarly) and enter the URL http://access.ite.gmu.edu/. If you see this message box and you want Firefox to trust this website, you should install the corresponding root authority certificate. Click Cancel and open a new tab or browser window. If there is any chance that you may be browsing a spoofed website, then you should follow the detailed procedure below. If you are on campus accessing a website on campus and you have accessed it before and you trust it, then you can simply click Accept this certificate permanently. The first time you should follow the details to see how it works. (You certainly would not want your browser to install a counterfeit root authority certificate, if such exist, to authenticate untrusted websites.) In a new browser window, visit CAcert. In the right column menu, click Root Certificate. (The next few steps are shown using Internet Explorer 7 as was done above. If you have already downloaded the root authority certificate, you may skip ahead.) Download and save the Class 1 PKI Key Root Certificate (PEM Format) file. Next, in the Firefox menu, choose Tools, Options. At the top right choose the Advanced section, and the Encryption tab. In the Certificate Manager window, choose the Authorities tab. The certificate needed, when added, will show as "Root CA" and expand to "CA Cert Signing Authority, Software Security Device", but most likely it will not be listed yet, since the authority was unknown to Firefox. At the bottom of the Certificate Manager window, click the Import button and navigate to the root authority certificate file that you downloaded previously. When you open the file, the Downloading Certificate box opens. Put a check mark in the box for Trust this CA to identify web sites (at least). You may view the certificate to look at the details. (The example certificate was issued to CA Cert Signing Authority on 3/30/2003 and expires on 3/29/2033. Its SHA1 Fingerprint is 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33 and its MD5 Fingerprint is A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B.) When ready, click OK. Back in the Certificate Manager there will be a new entry for "Root CA" with "CA Cert Signing Authority - Software Security Device" under it. Finish by clicking OK in the Certificate Manager and OK in the Options box. IT&E Instructional Computing Laboratories provide a framework for computing-related educational activities within the School of Information Technology and Engineering. The labs serve students of all the Departments in IT&E.